Thursday, March 20, 2008
Companies must increase their vigilance; so must home users (2 stories today)
Brian Krebs has an important story on p D3 Business of the March 20, 2008 Washington Post, “Firms Struggle Against Web Viruses: Security Companies Scramble to Combat Rise of Malicious Programs,” link here.
Krebs notes that around 1990, companies were dealing with a few new viruses a week, mostly spread by floppy diskettes (like the Michelangelo Virus or Jerusalem Virus). Sometimes security departments in companies would even give employees diskettes to take home to check for very specific viruses.
Now, Krebs writes, security companies like McAfee and Norton sift through 2000 new viruses an hour. It amazes me that the daily DAT update from McAfee can keep up with so much and encapsulate so much in the signature files, especially to check for heuristic and polymorphic viruses.
Virus writers have actually hired young programmers, luring them away from legitimate companies and pursuits. They actually do “QA.” And they are trying to make viruses harder to remove completely, at least for home users. Many of them are relatively symptom free and are more concerned with stealing personal information or setting up launchpads for attacks.
So far, even in 2008, it does not seem that home users have been pursued legally when their computers became “contagious”, but I’ve always wondered if there needs to be a legal and legislative initiative to deal with potential downstream liability problems. I remember a conversation about this in the Libertarian Party of Minnesota in the summer of 2000 with an AOL contractor in Minneapolis. I will probably address this on my Wordpress blog later.
Krebs has another important story today, “New Interagency Group to Oversee Cyberattack Defense,” link here. The interagency group may be headed by Rod Beckstrom (known for twiki.net, a “certified Wiki” platform) and be housed in the Homeland Security department.